<%@ page language="java" import="java.sql.*"%>
<html>
<head><title>Read from mySQL Database</title>
</head>
<body>
<center>
<%
	String DRIVER = "com.mysql.jdbc.Driver";
	Class.forName(DRIVER);

	Connection con=null;
	ResultSet rst=null;
	Statement stmt=null;

	try
	{
		String url="jdbc:mysql://ecstiger.cs.andrews.edu/d562_2010_01?user=u562_2010_01&password=YPJ8f4We";
		con=DriverManager.getConnection(url);
		stmt=con.createStatement();
		String sql = "SELECT * FROM user WHERE username = '" + request.getParameter("username") + "' AND password = '" + request.getParameter("password") + "';";
		rst=stmt.executeQuery(sql);
		//out.println(sql);

		if(rst.next())
		{
			session.setAttribute( "logged_in", "true");
			if(rst.getInt(5) == 1)
			{
				session.setAttribute("user_level", "administrator");
				out.println("<p><h1>Logged In as an Administrator</h1></p>"  + "<p><a href=menu.jsp>Main Menu</a></p>");
			}
			else
			{
				session.setAttribute("user_level", "normal_user");
				out.println("<p><h1>Logged In as a Normal User</p></h1>" + "<p><a href=menu.jsp>Main Menu</a></p>");
			}
			session.setAttribute("id", rst.getString(1));
			session.setAttribute("name", rst.getString(2));
                        session.setAttribute("username", rst.getString(3));
			session.setAttribute("password", rst.getString(4));


		}
		else
		{
			session.setAttribute( "logged_in", "false");			
			out.println("Not Logged In");
		}
	
		rst.close();
		stmt.close();
		con.close();
	}
	catch(Exception e)
	{
		//out.println(e.getMessage());
		out.println(e);
	}

%>
</center>
</body>
</table>
</center>
</div>


</body>
</html>
